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Abstract 

Healthcare data has been moving to cloud platforms in recent years, which has 
increased accessibility and scalability but also raised security issues. Ensuring 
data integrity and safeguarding private health information from unwanted access 
are critical. This paper presents a comprehensive strategy to integrate effective 
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eA iaeaa Elliptic Curve Cryptography ECC-AES with steganography techniques to improve 
AES, Cloud ' 
Computing the security of healthcare data in the cloud. ECC-AES is especially well-suited for 


cloud situations with limited resources since it provides strong security with 
reduced key sizes. Confidentiality is guaranteed by encrypting healthcare data 
using ECC- AES before storage, reducing the possibility of data breaches. 
Steganography techniques are also integrated to improve security against skilled 
adversaries by adding an extra degree of obfuscation by concealing encrypted data 
inside innocuous files or images. Strict key management procedures, access 
control systems, and frequent security audits are important components of the 
proposed system that ensure adherence to Health Insurance Portability and 
Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) 
compliance requirements pertaining to healthcare data protection. The proposed 
system provides the multilayer security on healthcare data in cloud environment 
than other existing systems. 


Cryptography, E- 
Healthcare Data, 
Steganography 


1. Introduction 


The spectrum of completely integrated services and 
solutions that satisfy various  socio-industrial 
demands has expanded due to the exponential rise 
of software and sophisticated hardware systems. 
Out of all the most recent emergent applications, 
data transmission and its allied forces in the 
exchange of knowledge have garnered widespread 
favor worldwide [1]. However, the rapid 
advancement of internet technology and _ its 
associated applications has given rise to a number 
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of breakthroughs, including cloud computing and 
the Internet of Things (loT). However, companies 
have traditionally faced difficulties in guaranteeing 
safe communication across diverse application 
contexts [2]. Many communication technologies 
that enable the Internet are used on a daily basis for 
a variety of purposes, including social networking 
sites, the medical services industry, e-commerce, 
Organizations of scientific community, the business 
sector, and many other industrial demands like 
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monitoring and security systems [3]. Data 
transmission was transformed by the increased 
bandwidth and data rates of optical fiber 
communication and 4G/5G cellular technology. 
Data communication over the internet in the form 
of text, photos, audio, and video is now 
commonplace [4]. Governments, Agencies of law 
enforcement, and hospitals are exchanging 
multimedia data for telemedicine purposes. There 
was an increase in internet traffic throughout the 
lockdown in worldwide at the time of the 
COVID-19.Despite the fact that using the internet 
has many benefits, security and data privacy are still 
problems [5]. Hackers may now access a wide range 
of tools, data theft, modifications, and revisions are 
now feasible. As a result, maintaining data security 
has emerged as a difficult yet crucial problem for 
researchers. To solve data security challenges, a 
variety of information-protecting procedures have 
been proposed, including data concealing 
techniques and cryptography. Cryptography 
disintegrates and transforms the confidential 
information into a format that is unintelligible to an 
unapproved individual. Standard encryption 
methods or chaos-based encryption methods can be 
used for cryptography. Prior to embedding, the 
crucial data in these methods is encrypted using the 
secret key. However, the primary drawback of 
SETs—which renders them unreliable and unsecure 
for data encryption—is the volume of data with key 
lengths [6]. The chaos-based encryption techniques 
have helped to overcome the SETs' drawback. The 
original encryption keys used in the chaos 
encryption approach are susceptible to 
modifications. Therefore, more safe cryptographic 
techniques to guarantee data security are chaos- 
based encryption schemes. By using encryption to 
alter the original data's shape, cryptography can 
offer a high level of data security. However, 
cryptography by itself is not impervious to security 
breaches because its encrypted form draws the 
attention of attackers and can thus be altered or 
compromised [7]. Encrypted shape could attract the 
curiosity of an eavesdropper; it is not a suitable way 
to ensure data security. As a result, data masking 
has been extensively employed by academics to 
conceal the presence of crucial data to stop drawing 
the attention of outsiders [8]. The IoT has advanced 
to the point that almost anything may be accessible 
at any time, from any location, and can perform 


2024, Vol. 06, Issue 06 June 


almost any function. In order to enable cooperative 
computing scenarios, the IoT is typically made up 
of small components that are connected to one 
another. The cost of energy, connection of devices 
and processing power are some of the IoT's 
constraints. Medical devices ability to integrate loT 
capabilities which improves service quality and 
efficiency, the healthcare industry has adopted IoT 
at a faster pace than others [9]. S-health, or smart 
health, is the situational enhancement of telehealth 
in intelligent cities, allowing for accurate and 
effective prevention of illness and accidents. 
Recently, the disease-centered approach by 
healthcare management has given way to the 
patient-centered approach globally. Because of how 
simple it is to handle and distribute health data, it 
has become ingrained in the medical industry. It 
allowing for continual monitoring of physiological 
conditions, long-term illness proposed, and therapy 
instruction [10]. Even though s-health is still in its 
early stages, a lot of problems still need to be 
resolved before it can be applied in practical 
situations. Individuals are becoming increasingly 
concerned about hacking attempts in the s-health 
industry and safeguarding the confidentiality and 
safety of highly sensitive individual healthcare 
information of the IoT users without sacrificing the 
data's usefulness remains a _ difficulty [11]. 
However, most access control systems only offer 
coarse-grained access limits or undermine data 
security. According to this logic, end-to-end data 
secrecy can be secured using sharing key 
mechanisms, but they are insufficient in these novel 
situations. This feature specifies the conditions that 
a subject needs to fulfill in order to fully decode a 
piece of data [12]. Examined the creation of a 
homomorphic encryption algorithm for the first 
time in that year. Numerous attempts by scholars to 
design homomorphic systems with different 
operations led to the development of this idea. 
Homomorphic encryption is a collection of 
encryption methods that can be used for a variety of 
computations on encrypted data. Some of the most 
common forms of homomorphic encryption include 
leveled fully homomorphic, partially 
homomorphic, slightly homomorphic, and 
absolutely homomorphic. It is possible to do an 
infinite number of tasks at once with Fully 
Homomorphic Encryption (FHE). IoT systems need 
to adhere to stronger security and dependability 
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standards to safeguard people's privacy and 
confidentiality [13]. No matter its origin or 
geographic barriers, cloud computing offers real- 
time computing, data access, and cloud-based 
decision-making to a wide range of stakeholders. 
This is one of its primary characteristics. However, 
until a strong security mechanism is offered, 
information exchanged between nodes, between 
users, or throughout the cloud platform is extremely 
insecure. One of the main issues with cloud 
computing is how to securely communicate or 
preserve personal data, especially multimedia 
(audio, video, and image) [14]. Enabling 
computational effectiveness is also necessary, as 
cloud computing necessitates fast and dependable 
processing to fulfill real-time application 
requirements. This is in addition to ensuring secure 
communication [15]. In light of the rapidly 
increasing needs for computing power and related 
communication, it represents the guarantee of 
security, scalability, and manageability in the cloud 
computing environment. In cloud environments 
such as social networking, healthcare, etc., 
facilitating data security has become essential. 

2. Literature Survey 

Pay-as-you-go model, the cloud makes use of 
technologies like cryptography and steganography 
for safeguarding user data transfer. The Least 
Significant Bit (LSB) and Discrete Cosine 
Transform (DCT) techniques were the main topics 
of this work's review of numerous investigations 
[16]. The author’s primary concern is the hybrid 
approach combining AES and FHE. Unlike earlier 
methods, this hybrid strategy is safer, more 
redundant, and lets the user preserve data. They 
believe that if AES can encrypt data with 14 cycles 
using a 256-piece square, then, cloud computing 
may be able to benefit from this breakthrough as 
well. A FHE technique serves as the foundation for 
the second phase's encryption process. Two 
objectives are achieved by this method: 
multiplicative homomorphic and _ additional 
substance. The user is using the private key given 
that they possess the cipher text obtained through 
maiden scrambling. The secret key and the content 
of the Cipher will now be encrypted jointly using 
additional material homomorphic encryption. The 
user may safeguard privacy, confidentiality of data, 
and integrity of data from hackers by employing 
this method [17]. According to the authors of this 
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paper, encryption makes it possible to send 
sensitive data across an unprotected channel 
without running the danger of it being lost or altered 
by unwanted parties [18]. ECC requires a very tiny 
key, it is utilized in this paper to encipher data on 
the cloud. Elliptic Curve uses the least amount of 
energy since its small key size minimizes 
computing power. In this work, ECC is used for key 
production, encryption, and decryption. The report 
suggests a two-tiered approach to cloud data 
protection. Value, Variety, Velocity, Veracity, and 
Volume—the five Vs.—all need to be taken into 
account in the healthcare industry since a variety of 
data, including patient names, birthdates, and vital 
sign numbers, are frequently collected and must be 
kept on file for several systems. Daily data 
collection would produce high velocity, which 
would cause the volume of data to expand quickly 
[19]. In a recent study that assessed the variety and 
volume of health information, developed a digital 
memory system supporting essential medical 
services. Its goal is to organize various biological 
records in an emergency situation and make them 
easily accessible to the necessary medical personnel 
[20]. On encrypted data, unrestricted computations 
such as additions and multiplications are obtainable 
by FHE producing results that, when decrypted, are 
exactly akin to the operations on plain data. As a 
result, cloud infrastructure can function lawfully 
using encrypted data without requiring any prior 
decoding [21]. RSA is a partial homomorphic 
method which solely considers operations that are 
multiplicative [22]. The deficiency in current 
research is the absence of a thorough security 
framework that is especially designed to meet the 
special needs of healthcare data in cloud systems. 
Although there is a wealth of literature on 
cryptography and general cloud security, there is a 
conspicuous lack of research that focuses explicitly 
on tackling the security concerns associated with 
processing and storing healthcare data in the cloud. 
Previous research frequently fails to take into 
account the complex needs and legal limitations 
that the healthcare sector faces, which results in 
security solutions that might not be able to 
sufficiently safeguard patient data that is sensitive 
or guarantee adherence to laws like HIPAA and 
GDPR. Furthermore, even while encryption 
methods like RSA are frequently used to safeguard 
data, they are not the best choice as for as cloud 
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environments where performance and efficiency 
are crucial due to their computational overhead and 
scalability problems [23]. Enhancing data 
confidentiality, integrity, and obfuscation through 
the combination of these strategies can reduce the 
likelihood of tampering, illegal access, and data 
breaches [24]. The creation of a thorough security 
architecture that takes into account the 
particularities of healthcare data incorporates 
effective cryptography methods designed for cloud 
systems, and guarantees regulatory compliance is 
necessary to close this research gap. Future research 
can greatly advance cloud security for healthcare 
data and enable healthcare companies to use cloud 
technology safely and efficiently by bridging this 
gap [25]. 

3. Proposed System 

The goal of the proposed system is to create a 
multilayer security framework that is especially 
made to safeguard medical data that is processed 
and stored in cloud environments. The core of this 
strategy is the combination of steganography and 
efficient ECC-AES aims to leverage cloud 
computing's scale and flexibility while addressing 
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the particular security concerns associated with 
healthcare data. Compared to conventional 
encryption methods, efficient ECC-AES provides 
strong encryption with reduced key sizes, which 
makes it a good fit for cloud environments with 
limited resources. The framework guarantees data 
confidentiality and reduces the possibility of 
unwanted access or data breaches by encrypting 
healthcare data using ECC-AES. The proposed 
work uses steganography techniques in addition to 
encryption to even more obfuscate the existence of 
sensitive healthcare data. Strict key management 
procedures, strong access restrictions, and 
assurances of compliance to meet HIPAA and 
GDPR regulations are important parts of the 
proposed system shown in Figure 1. Maintaining 
the integrity and efficacy of the security measures 
also requires regular personnel training programs 
and security audits. The overall goal of the research 
is to close the gap in the literature by offering a 
complete security solution that is especially 
designed to meet the special needs of healthcare 
data in cloud environments. 
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Figure 1 Framework for Multilayer Approach for Securing E-Healthcare Data 


The framework aims to provide better protection 
against tampering, unauthorized access, and data 
breaches by combining steganography and efficient 


ECC. This will allow healthcare organizations to 
safely utilize cloud technologies for increased 
productivity and patient care. 
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Figure 2 Multi-Layer Model 


Medical information poses the highest security risk 
in the experience of the medical business. Through 
the use of IOT devices hackers can use botnets to 
obtain patient information shown in Figure 2. For 
this reason, the safeguarding of IoMT devices 
security and medical data is essential. Modern 
communication techniques require the right 
information to be sent at the right moment to the 
right recipient. Patient records are safe and secured, 
this is significantly more necessary for individually 
identifiable medical information. A constantly 
evolving threat landscape, driven by sophisticated 
intrusion objectives, a growing number of security 
vulnerabilities and unskilled and unaware 
employees handling these private records often 
pose a threat to the sharing and safe storage of 
medical records. 
3.1 Steganography 

To make the secret image more secure from hackers 
and other attackers, it is incorporated within the 
cover image. An RGB image of a natural scene 
serves as the cover image. The YCbCr format is 
created from the RGB colour-secured image using 
the equations provided. 


Y) [0 0.298 0.588 0.115] [R 
Cb| =|128]+]-0.170 -0.332 0.499 |.]G 
cr] 1128] Lo.499 -0.420 —0.082] lB 

anne (1) 


The hidden image will be embedded in the 
luminance image plane (Y), leaving the other two 


image planes (Cb and Cr) unchanged. Grayscale 
medical imaging makes up the hidden image. Using 
the thresholding approach, this hidden grayscale 
image is transformed into a binary image. 
Depending on the threshold value, the thresholding 
process turns the pixels in the hidden images to 
either black or white. 


ee = [> temp; 
12 =I < temp; 


3.1.1 Brotli Technique 

Brotli is a good compression algorithm for handling 
data with numerous pattern and characters. These 
identical characters are summarized into same 
block. During the compression, this technique 
divides the text data into small blocks. Each block 
is then compressed separately and then encoding 
algorithm is applied which is Huffman coding, 
providing shorter codes to enhance the efficiency of 
the compression process. The decompression 
process involves the Brotli decompression 
functions which includes Huffman decoding, 
Output buffering and sliding window. The Huffman 
decoding is used to restore the representation of 
symbols into their original values. The output 
buffering is used to store the decompressed data, 
and then the sliding window is used to track context 
during the decompression process. 
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3.1.2 Discrete Wavelet Transform (DWT) 
Proposed approach used a DWT with a mother 
wavelet from HAAR. Applied 2D-DWT-2L on the 
image's row (blocks), which was designed as a 
sequential transformation process with the aid of 
low pass and high pass filters. It should be 
mentioned that level-2 coefficients were taken into 
consideration for embedding in the proposed 2D- 
DWT-2L idea. This was done primarily because 
level-2 coefficients can offer a sizable local 
characteristic set for text-embedding sans adversely 
affecting the quality of the image. Single-layer 
embedding can affect post-embedding image 
quality and result in increased visibility or 
perceptibility. Conversely, embedding at a higher 
level coefficient may yield better results, but at the 
expense of additional processing, which may not be 
appropriate given the needs of modern real-time 
applications. For this reason, we only used a 2-level 
DWT coefficient for embedding in this paper. The 
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outcomes of this method are broken down in 
relation to the image's columns. A figure 3 shows 
the brief overview of this proposed method. The 
secret data T, which has already been processed as 
cipher data, is inserted using LSB embedding to 
create stego image S. Even in the face of cloud 
attack scenarios like RS-Analysis or Steganalysis, 
the proposed solution aims to maintain optimal 
pixel adjustment to maintain maximum feasible 
imperceptibility, quality preserve, and continuous 
transmission. The proposed approach splits the 
original source image, also known as the cover- 
image, into several 8 x 8 blocks after processing it 
with HAAR-DWT. A secured database is required 
in homoeopathic or healthcare institutions to 
provide dependability and security. Healthcare 
networks might experience negative consequences 
like a denial of service due to security and privacy 
issues. A single component may be more severely 
impacted by some vulnerability than by other. 


Figure 3 2D-DWT-2L Decomposition Process 


3.2 Algorithm — Hybrid Model 
Data encryption using a multilayer security 
approach with ECC involves several steps to ensure 
robust protection against unauthorized access and 
data breaches. Here's an outline of the process: 
Step 1: Key Generation 
e Choose a suitable elliptic curve and base 
point G. 
e AES: Generate AES 
encryption key Keyags 
e ECC: Generate ECC key pair (private 
key: Precc public key: Purcc 


symmetric 


Step 2: Encryption 
AES Encryption 


e Encrypt M using AES with key KAES, 
resulting in cipher text Cags. 


ECC Encryption 


e Compute Secret Key S=Purcc*G, where 
G is the generator point on the elliptic 
curve. 

e Encrypt the Cipher text of Cars and AES 
Key 

© = Cecc=Caes*S aks 
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Step 3: Embed Encrypted Text into Cover Image 
using Steganography 
Compression 

e The Cipher text data will be encoded 
using Brotli Algorithm. Then converted 
from UTF-8 to base64, transferring the 
data into hexadecimal format, finally the 
hexadecimal converted into Binary. 

e The final output will be compressed text 
data in binary form. 

Embedding 

e Compute 2D-wavelt transform of cover 
image. It produces four bands such as: 
LL, LH, HL and HH. 

e Select LL sub-band for embedding 
procedure, this will be done using 2D- 
DWT technique. 

Step 4: Extract the secret message from Stego 
Image using reverse process 

e Extraction procedure will be done using 
2D-DWT, the bits will be extracted and 
grouped into binary form. 

e The outcome will be converted into 
hexadecimal form and then decoded 
from base64 to obtain the compressed 
text data using Brotli. 

Step 5: Decryption 
ECC Decryption 
e Compute Secret Key S = PrECC*G 
e Compute Cecc=C*S and AES Key 
AES Decryption 
e Compute Message=CECC*Keyags 
4. Results and Discussion 
The proposed method makes use of the 14 
conversion round AES-256 encryption algorithm. 
ECC is most effective algorithm to re-encrypt the 
text data and Steganography is used to provide 
multilayer security with Image entropy analysis was 
done (Refer Figures 4-7). 
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Figure 4 Image Entropy Analysis 
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Figure 5 Embedding Capacity Analysis 
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Figure 6 Encryption Time 
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Figure 7 Decryption Time 


Conclusion 

Ultimately, E-Health data encryption with the use 
of ECC in multilayer security offers a reliable 
method of protecting private medical records in 
cloud settings. By integration various symmetric 
encryption and optional steganography methods, 
the system offers several security levels that 
improve secrecy and reliability. To facilitate safe 
interaction and information sharing, the key 
generation procedure makes certain that the sender 
and recipient both have distinct key combinations. 
Resource-constrained cloud systems can benefit 
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from ECC because of its effective encryption skills, 
which allow smaller key sizes to be generated sans 
sacrificing protection. The E-Health data is 
subsequently encrypted using this symmetric key, 
guaranteeing privacy throughout storage or 
transport. Furthermore, steganography 
methodologies can be optionally integrated in order 
to obfuscate the encrypted information, thus 
strengthening protection from unwanted access or 
being intercepted. Steganography provides another 
degree of obscurity by embedding the ciphertext 
inside seemingly innocent documents or images, 
thereby rendering it harder for attackers to find or 
alter the information. Healthcare providers have no 
trouble employing cloud-based services while 
protecting the confidentiality of patients and 
guaranteeing regulatory compliance by utilizing 
encryption capabilities and implementing 
multilayer safety precautions. 
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